EUVD-2020-6198

Malware in sbrugna...

EUVD-2021-13123

Malware in sbrugna...

EUVD-2023-24757

Malicious code in bioql PyPI...

EUVD-2024-31373

Malicious code in bioql PyPI...

EUVD-2021-30262

Malicious code in bioql PyPI...

EUVD-2023-43015

Malicious code in bioql PyPI...

EUVD-2024-19530

Malicious code in bioql PyPI...

EUVD-2023-26748

Malicious code in bioql PyPI...

EUVD-2022-39054

Malicious code in bioql PyPI...

CVE-2025-7027 SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable SetupXtuBufferAddress, while the write content is read from a...

CVE-2025-7029

CVE-2025-7029 affects Gigabyte UEFI firmware via the Software SMI handler SwSmiInputValue 0xB2. The vulnerability lets an attacker locally control the RBX-derived pointers (OcHeader, OcData) used in power/thermal configuration, enabling arbitrary SMRAM writes and potential SMM privilege escalatio...

CVE-2025-7029 SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control the RBX register, which is used to derive pointers OcHeader, OcData passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory...

CVE-2024-55567

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary...

CVE-2024-55567

CVE-2024-55567 affects InsydeH2O kernel (Insyde USB core) with a flaw in UsbCoreDxe that allows an SMM-level write of arbitrary memory due to improper input validation. Affected versions include InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.0...

PT-2025-25335

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O kernel versions 5.4 through 05.46.01 Insyde InsydeH2O kernel versions 5.5 through 05.54.01 Insyde InsydeH2O kernel versions 5.6 through 05.61.01 Insyde InsydeH2O kernel versions 5.7 through 05.70.01 Description Improper input...

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

CVE-2024-21924

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution...

CVE-2024-33657

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks...

CVE-2024-33657 Smm Callout in SmmComputrace Module

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks...

CVE-2024-33657

CVE-2024-33657 describes a SMM vulnerability (SmmCallout in SmmComputrace Module) that could allow a local, privileged attacker to execute arbitrary code, manipulate stack memory, and leak data from SMRAM to kernel space, potentially causing a denial of service. Affected component is within SMM/C...